From bef824e84ee36769712fc3c48171032056875df0 Mon Sep 17 00:00:00 2001
From: Travis Ralston
Date: Mon, 6 Jan 2020 12:21:59 -0700
Subject: [PATCH] Remove harmful html entities encoding and other style nits

React will take care of this for us. It's harmful because simple characters get converted to something illegible.
---
 src/HtmlUtils.js | 5 -----
 src/components/views/dialogs/DMInviteDialog.js | 12 ++++--------
 2 files changed, 4 insertions(+), 13 deletions(-)
diff --git a/src/HtmlUtils.js b/src/HtmlUtils.js
index ce677e6c68..7cdff26a21 100644
--- a/src/HtmlUtils.js
+++ b/src/HtmlUtils.js
@@ -528,8 +528,3 @@ export function checkBlockNode(node) {
 return false;
 }
 }
-
-export function htmlEntitiesEncode(str: string) {
- // Source: https://stackoverflow.com/a/18750001/7037379
- return str.replace(/[\u00A0-\u9999<>&]/gim, i => `&#${i.charCodeAt(0)};`);
-}
diff --git a/src/components/views/dialogs/DMInviteDialog.js b/src/components/views/dialogs/DMInviteDialog.js
index aec64919a0..bb3e38a304 100644
--- a/src/components/views/dialogs/DMInviteDialog.js
+++ b/src/components/views/dialogs/DMInviteDialog.js
@@ -24,7 +24,6 @@ import DMRoomMap from "../../../utils/DMRoomMap";
 import {RoomMember} from "matrix-js-sdk/lib/matrix";
 import * as humanize from "humanize";
 import SdkConfig from "../../../SdkConfig";
-import {htmlEntitiesEncode} from "../../../HtmlUtils";
 import {getHttpUriForMxc} from "matrix-js-sdk/lib/content-repo";
 // TODO: [TravisR] Make this generic for all kinds of invites
@@ -77,11 +76,9 @@ class DMRoomTile extends React.PureComponent {
 _highlightName(str: string) {
 if (!this.props.highlightWord) return str;
- // First encode the thing to avoid injection
- str = htmlEntitiesEncode(str);
-
 // We convert things to lowercase for index searching, but pull substrings from
- // the submitted text to preserve case.
+ // the submitted text to preserve case. Note: we don't need to htmlEntities the
+ // string because React will safely encode the text for us.
 const lowerStr = str.toLowerCase();
 const filterStr = this.props.highlightWord.toLowerCase();
@@ -92,8 +89,8 @@ class DMRoomTile extends React.PureComponent {
 while ((ii = lowerStr.indexOf(filterStr, i)) >= 0) {
 // Push any text we missed (first bit/middle of text)
 if (ii > i) {
- // Push any text we aren't highlighting (middle of text match)
- result.push({str.substring(i, ii)});
+ // Push any text we aren't highlighting (middle of text match, or beginning of text)
+ result.push({str.substring(i, ii)});
 }
 i = ii; // copy over ii only if we have a match (to preserve i for end-of-text matching)
@@ -333,7 +330,6 @@ export default class DMInviteDialog extends React.PureComponent {
 }
 }
-
 // If we're going to hide one member behind 'show more', just use up the space of the button
 // with the member's tile instead.
 if (showNum === sourceMembers.length - 1) showNum++;
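Review bot: The rewritten comment in `_highlightName` says React will encode the text, but that holds only while the returned pieces are rendered as React children, and the hunk removes `htmlEntitiesEncode` without recording that condition. `str` looks like a user-controlled name (inferred from the method name), so the comment should state the invariant the code now relies on: `// Safe only while this output is rendered as React children; never pass it to dangerouslySetInnerHTML.` The method body continues outside the hunk, so how the result is consumed cannot be confirmed from here.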
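Review bot: The offsets `i` and `ii` in the `while` loop of the `-92,8 +89,8` hunk are found in `lowerStr` but used to slice `str`, and `toLowerCase()` can change a string's length (U+0130 lowercases to two code units), so the slices can drift away from the match. Before this commit, characters in the U+00A0–U+9999 range were turned into ASCII entities before lowercasing, so removing the encoding appears to make this case newly reachable. A cheap guard right after `lowerStr` is computed would be `if (lowerStr.length !== str.length) return str;`, which gives up highlighting instead of mis-slicing. The loop continues outside the hunk.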